Cannot enable/disable Directory Synchronization options in CCP: 'The entered value is the same as one of the 5 previous passwords.'

Symptoms

When trying to enable/disable Passwords Synchronization or Contact Synchronization in CCP > More Services > Directory Synchronization, the following error is shown:

PBA reported error while trying to update account member password. Error: -1, 'The new password cannot be accepted. The entered value is the same as one of the 5 previous passwords. Please, provide another password.'.

Cause

When CDI is activated for the subscription, it creates an internal staff member for AD sync with a name like cdi.<SubscriptionID>-<xxx>. This staff member is propagated to Business Automation as a user (as with any other staff member).

When we enable/disable any additional Directory Synchronization options in CCP, OA mistakenly tries to synchronize the password for the CDI user with Business Automation, but it should happen only when we initiate Change password for the CDI account from CCP.

This issue is reported to the OA maintenance team as POA-87241: "AD Sync: Not possible to enable/disable Contacts Synchronization or Passwords Synchronization".

Resolution

To workaround the issue, it is necessary to change the current password for the CDI user directly in Business Automation database. Please contact Odin technical support to apply it.

Search Words

PBA reported error while trying to update account member password. Error: -1, 'The new password cannot be accepted. The entered value is the same as one of the 5 previous passwords. Please, provide another password.'.